summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Jeff Sharkey <jsharkey@android.com> 2017-02-03 01:22:53 +0000
committer android-build-merger <android-build-merger@google.com> 2017-02-03 01:22:53 +0000
commit825a242ea90f4bdea41dbfa21caaa09129da386d (patch)
tree00f81f074c4fc57d6dfde54ebc18a3dc27b5e140
parente12285ac47308f5e35421f5bb2d4c0f5ccc6d0b2 (diff)
parent30a4388481de8a180e2fc701501051da89f208d3 (diff)
DO NOT MERGE. No direct Uri grants from system. am: b61338ecb3
am: 30a4388481 Change-Id: I8b612304980150f522b0424e564f3bedf030c2b9
Diffstat
-rw-r--r--services/core/java/com/android/server/am/ActivityManagerService.java7
1 files changed, 6 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index a87fd51da07f..a616ece1d24d 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -8203,7 +8203,12 @@ public final class ActivityManagerService extends ActivityManagerNative
// Third... does the caller itself have permission to access
// this uri?
- if (UserHandle.getAppId(callingUid) != Process.SYSTEM_UID) {
+ final int callingAppId = UserHandle.getAppId(callingUid);
+ if ((callingAppId == Process.SYSTEM_UID) || (callingAppId == Process.ROOT_UID)) {
+ Slog.w(TAG, "For security reasons, the system cannot issue a Uri permission"
+ + " grant to " + grantUri + "; use startActivityAsCaller() instead");
+ return -1;
+ } else {
if (!checkHoldingPermissionsLocked(pm, pi, grantUri, callingUid, modeFlags)) {
// Require they hold a strong enough Uri permission
if (!checkUriPermissionLocked(grantUri, callingUid, modeFlags)) {
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-07 10:21:04 +0000